DETAILED ACTION
Response to Amendment 

1. This action is in response to the amendment filed 12/20/06. Claims 10 
and 12-29 have been amended; claims 30-32 have been cancelled; claims 
33-34 have been added. 

Response to Arguments 

2. Applicant's arguments with respect to the rejections of claims 10 and 
12-32 under 35 USC 112, first paragraph, for failing to comply with the 
written description requirement, have been considered and are persuasive. 
However, applicant's amendments (i.e., by deleting the term "tangible", and 
thus making the claims "computer readable claims") have necessitated new 
grounds of rejections that are not based on prior art. 

3. Applicant's arguments with respect to the rejections of claims 1-10 
and 12-32 under 35 USC 102(e) have been fully considered but they are not 
persuasive. Applicant argues that Swift (6,308,274) does not allow one to 
grant access based on dynamic data or dynamic policies (page 10, 2nd
paragraph). Swift discloses using a restricted token in controlling a user's 
access to a resource wherein the restricted token is created based on the 
user as well as the type of process/application used by the user to access 
the resource (col. 6, lines 38-47), and the type of process/application used
by the user is dynamic data. Swift also discloses a dynamic policy for 
accessing a resource wherein the resource can be accessed by a user using 
one type of process but not another type of process, e.g., MSWord and 
MSExcel are allowed, but not Internet Explorer (fig. 5; col. 7, lines 50-61; 
col. 11, lines 57-65). 

Applicant argues that the restricted tokens themselves are not 
generated for the same user according to dynamic factors and are 
associated with process, but not users (page 10, last paragraph). Swift 
discloses that the restricted token is created based on the user (i.e., the 
regular/parent token associated with an authenticated user) as well as the 
type of process/application used by the user to access the resource (fig. 2, 
elements 60 and 84; col. 6, lines 38-47; fig. 5, elements 88 and 92). 

Applicant argues that Swift does not evaluate a client authorization 
context or access request based on dynamic data and dynamic policy (end of 
page 11). Swift discloses that when a user is authenticated, an 
authorization/security context (i.e., a regular access token) is created for the 
user (fig. 2, element 60; col. 4, lines 46-60). Then, a restricted access 
token is created based on the regular access token and dynamic data such 
as the type of process/application used by the user to access a resource (fig. 
2, element 84; fig. 5, elements 84 and 92; col. 6, lines 4-28; col. 7, lines 
50-61). Swift further discloses that the use of restricted tokens allows
restricting access to a resource based on a dynamic policy (col. 7, lines 50-
64; col. 11, lines 57-65).

Claim Objections 

4. Claim 33 is objected to because of the following informalities:

- "a callback a callback" (line 7)
- "dynamic groups" (line 11) should be "dynamic groups function(s)"

Appropriate correction is required.

Claim Rejections - 35 USC §101 

5. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or 
composition of matter, or any new and useful improvement thereof, may obtain a patent 
therefor, subject to the conditions and requirements of this title. 

6. Claims 10, 12-29 and 33-34 are rejected under 35 U.S.C. 101. The 
claims are directed to a computer readable medium that provides computer 
executable instructions. Such a computer readable medium includes 
encoded signals (see Specification, page 7, lines 12-16 and 23-27), which 
does not fall within one of the four statutory classes of § 101. Applicant is 
suggested to change the claimed subject matter from "a computer readable 
medium" to "a computer storage medium". Please refer to Annex IV of 
Interim Guidelines for Examination of Patent Applications for Patent Subject
Matter Eligibility, 1300 Off. Gaz. Pat. Office 142 (Nov. 22, 2005) (Patent 
Subject Matter Eligibility Interim Guidelines). 

Claim Rejections - 35 USC §112 

7. The following is a quotation of the first paragraph of 35 U.S.C. 112: 

The specification shall contain a written description of the invention, and of the manner 
and process of making and using it, in such full, clear, concise, and exact terms as to 
enable any person skilled in the art to which it pertains, or with which it is most nearly 
connected, to make and use the same and shall set forth the best mode contemplated by 
the inventor of carrying out his invention. 

8. Claims 33-34 are rejected under 35 U.S.C. 112, first paragraph, as 
failing to comply with the written description requirement. The claim(s) 
contains subject matter which was not described in the specification in such 
a way as to reasonably convey to one skilled in the relevant art that the 
inventor(s), at the time the application was filed, had possession of the 
claimed invention. Claim 33, which is a new claim, recites the limitation 
"automatically invoking a dynamic access check callback function by access 
check application programming interfaces that initialize a client authorization 
context from a system level authorization context or a user's security 
identifier, whereby when a user attempts to connect to the application, the 
registered dynamic access check callback function is invoked such that the 
client context is augmented with client contextual data dynamically 
computed using said dynamic data." The originally filed specification does 
not disclose using/invoking a dynamic access check callback function to (i)
initialize a client authorization context from a system level authorization 
context or a user's security identifier, or (ii) augment the client context with 
client contextual data dynamically computed using said dynamic data. 
Therefore, the limitation is considered new matter. Claims that are not 
specifically addressed are rejected by virtue of their dependency. 

9. The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and 
distinctly claiming the subject matter which the applicant regards as his invention. 

10. Claims 33-34 are rejected under 35 U.S.C. 112, second paragraph, as 
being indefinite for failing to particularly point out and distinctly claim the 
subject matter which applicant regards as the invention. Claim 33 recites 
the limitation "the registered dynamic access check callback function" in line 
21. There is insufficient antecedent basis for this limitation in the claim. 
Claims that are not specifically addressed are rejected by virtue of their 
dependency. 

Claim Rejections - 35 USC §102 

11. The following is a quotation of the appropriate paragraphs of 35 
U.S.C. 102 that form the basis for the rejections under this section made in 
this Office action: 
A person shall be entitled to a patent unless -

(e) the invention was described in (1) an application for patent, published under section 
122(b), by another filed in the United States before the invention by the applicant for 
patent or (2) a patent granted on an application for patent by another filed in the United 
States before the invention by the applicant for patent, except that an international 
application filed under the treaty defined in section 351(a) shall have the effects for 
purposes of this subsection of an application filed in the United States only if the 
international application designated the United States and was published under Article 
21(2) of such treaty in the English language. 

12. Claims 1-10 and 12-29 are rejected under 35 U.S.C. 102(e) as being 
anticipated by Swift (6,308,274). 

The applied reference has a common assignee with the instant 
application. Based upon the earlier effective U.S. filing date of the 
reference, it constitutes prior art under 35 U.S.C. 102(e). This rejection 
under 35 U.S.C. 102(e) might be overcome either by a showing under 37 
CFR 1.132 that any invention disclosed but not claimed in the reference was 
derived from the inventor of this application and is thus not the invention 
"by another," or by an appropriate showing under 37 CFR 1.131. 

Regarding claims 1, 3-4, 10-15 and 22, Swift discloses a method for 
dynamically managing access to a resource in a computer system having a 
client making a request for the resource, the method comprising: 

computing a client authorization context after the request for the 
resource is received from the client (col. 4, lines 46-55); 

determining, via an application programming interface, based 
upon dynamic data and first dynamic policy whether the client authorization 
context is to be updated, wherein said first dynamic policy is tailored to an 
application through which the resource is accessed (col. 6, line 5 - col. 7,
line 35); 

updating the client authorization context according to said 
determination (col. 6, line 5 - col. 7, line 35); 

comparing the client authorization context to at least one access 
control entry of an access control list (col. 7, lines 51-61); 

identifying an access control entry as an access control entry of 
type allow and when the allow access control entry applies in access 
evaluation, dynamic access check using dynamic data is automatically 
invoked (col. 5, lines 2-11; col. 7, lines 51-61; col. 11, lines 21-65), the 
allow access control entry being functionally equivalent to a callback access 
control entry; and 

in response to identifying the access control entry as a callback 
access control entry, evaluating, via said application programming interface, 
based upon the dynamic data and the second dynamic policy whether said 
allow access control entry bears on said access request, wherein said second 
dynamic policy is tailored to said application (col. 5, lines 2-11; col. 7, lines 
51-61; col. 11, lines 21-65). 

Regarding claim 2, Swift further discloses that the first dynamic policy 
defines flexible rules for determining the client authorization context (col. 6, 
lines 5-27; col. 12, lines 16-45) and wherein said second dynamic policy 
defines flexible rules for purposes of determining access privileges (col. 7,
lines 51-61; col. 11, lines 21-65). 

Regarding claims 5, 16 and 23, Swift further discloses that the 
evaluating based upon dynamic data includes invoking an application- 
defined dynamic access check routine that performs based in part upon 
dynamic data such as a Boolean expression in the access control list, the 
Boolean expression indicating a condition for granting access to the resource 
(col. 11, lines 21-65; col. 12, lines 46-67). Since access is evaluated using 
data in each access control entry, inherently, the Boolean expression is part 
of the callback access control entry. 

Regarding claims 6, 17 and 24, Swift further discloses that the access 
check routine is invoked automatically when there is a match between an 
identifier in the client authorization context and an identifier in the callback 
access control entry (col. 7, lines 51-61; col. 11, lines 21-65). 

Regarding claims 7 and 18, Swift further discloses registering with the 
operating system, which is the resource manager of the computer system, 
an application-defined routine for determining dynamic groups (col. 6, lines 
38-47; col. 12, lines 36-67). 

Regarding claims 8 and 19, Swift further discloses an application- 
defined routine for determining dynamic access checks is performed by the 
security mechanism in the kernel (col. 11, lines 10-20). Inherently, the 
routine is registered with the operating system, which is the resource
manager of the computer system. 

Regarding claims 9, 21 and 25, Swift further discloses that the 
evaluating based upon dynamic data and second dynamic policy 
supplements a determination of access rights based upon static data and 
policy (col. 11, lines 38-56). 

Regarding claim 20, Swift further discloses comparing data to a client 
authorization context determined based upon static data and policy before 
determining whether the client authorization context is to be updated (col. 7, 
lines 5-22; col. 8, lines 8-17). 

Regarding claim 26, Swift discloses for an application in a computer 
system having a resource manager that manages and controls access to a 
resource, carrying out a dynamic authorization callback mechanism that 
provides extensible support for application-defined business rules via a set of 
APIs and DACLS including a dynamic groups element, which enables an 
application to assign temporary group membership, based on dynamic 
factors, to a client for the purpose of checking access rights (col. 5, lines 2- 
28; col. 6, lines 15-27; col. 7, lines 5-22; col. 8, lines 30-60; col. 11, lines 
10-56). 

Regarding claim 27, Swift further discloses a dynamic access check
element, which enables an application to perform dynamic access checks,
via DACLS and APIs, said dynamic access checks being customized to the
application (col. 13, lines 20-56).

Application/Control Number: 09/849,093
Art Unit: 2132

Regarding claim 28, Swift further discloses that the dynamic groups 
element and a dynamic access element are performed at the operating 
system level (col. 13, lines 20-56). Inherently the elements are registered 
with the operating system which is the resource manager of the computer 
system. 

Regarding claim 29, Swift further discloses that the dynamic groups 
element and a dynamic access element utilize dynamic data related to client 
operation (col. 12, lines 46-59; col. 13, lines 20-43). 

Allowable Subject Matter 

13. Subject to the above 112, 1st and 2nd paragraph, rejections, claims
33-34 would be allowable over the prior art of record.

14. The following is a statement of reasons for the indication of allowable 
subject matter. Regarding claim 33, the limitation "the application using an 
initialization routine to register with a resource manager dynamic groups 
[function] that enable the application to assign temporary group 
membership based upon transient or changing factors to a client for the 
purpose of checking access rights and to register with said resource 
manager dynamic access check callback functions that enable the application
to perform customized procedures for checking access rights based on said 
transient or changing factors" in combination with "automatically invoking a 
dynamic access check callback function by access check application 
programming interfaces that initialize a client authorization context from a 
system level authorization context or a user's security identifier, whereby 
when a user attempts to connect to the application, the registered dynamic 
access check callback function is invoked such that the client context is 
augmented with client contextual data dynamically computed using said 
dynamic data" have not been taught by prior art. The closest prior art, Swift 
(6,308,274), discloses initializing a client authorization context from a 
system level authorization context or a user's security identifier and 
augmenting the client authorization context with client contextual data 
dynamically computed; however, Swift does not disclose performing those 
tasks by invoking a registered dynamic access check callback function. 

Conclusion 

15. The prior art made of record and not relied upon is considered 
pertinent to applicant's disclosure. 

U.S. Patent No. 6,308,273 to Goertzel et al.

16. Applicant's amendment necessitated the new ground(s) of rejection
presented in this Office action. Accordingly, THIS ACTION IS MADE 
FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of 
time policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to 
expire THREE MONTHS from the mailing date of this action. In the event a 
first reply is filed within TWO MONTHS of the mailing date of this final action 
and the advisory action is not mailed until after the end of the THREE- 
MONTH shortened statutory period, then the shortened statutory period will 
expire on the date the advisory action is mailed, and any extension fee 
pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the 
advisory action. In no event, however, will the statutory period for reply 
expire later than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications 
from the examiner should be directed to Minh Dinh whose telephone number 
is 571-272-3802. The examiner can normally be reached on Mon-Fri: 
10:00am-6:30pm. 

If attempts to reach the examiner by telephone are unsuccessful, the 
examiner's supervisor, Gilberto Barron can be reached on 571-272-3799. 
The fax phone number for the organization where this application or 
proceeding is assigned is 571-273-8300. 
Information regarding the status of an application may be obtained
from the Patent Application Information Retrieval (PAIR) system. Status 
information for published applications may be obtained from either Private 



available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on 
access to the Private PAIR system, contact the Electronic Business Center 
(EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272- 